Various prior art information assurance techniques and systems have been developed that attempt to identify and counteract actual or potential threats to the confidentiality, integrity, and availability of data within systems and networks; however, a number of limitations are inherent in these prior art techniques and systems.
Although several information assurance techniques, including MAC, exist for marking data, the practical applicability of current data marking, control, and evaluation techniques is often fraught with technical and organizational problems.
As a result, object data that is marked utilizing a first marking and evaluation technique cannot be accessed by a system that utilizes a second marking and evaluation technique.
The combination of multiple operating systems and software packages results in the marking of data objects according to a myriad of techniques that are incompatible with one another.
Additionally, the design, engineering, and implementation of information assurance systems are time-consuming and expensive, largely due to the mapping and integration of their complex capabilities into a comprehensive security approach, or policy.
The time and cost needed to successfully implement an information assurance system are also affected by the experience and knowledge of the developers and engineers responsible for its development, testing, and deployment.
In many cases the development staff is aware of the core functional requirements of their specific application such as, for example, the means for creating a report using underlying business data; however, the development staff often possesses only rudimentary knowledge regarding the theory and practical application of information assurance techniques.
This disconnect often results in ineffective security enforcement within the application, network or system, which can lead to excessive disclosure of protected information.
Additionally, many existing information assurance products are designed to protect simple file-based access solutions and do not take into account dynamically generated data or information.
In other words, the existing systems can protect a stored file but cannot adequately protect data that is dynamically generated in real time.
Additional information assurance challenges exist in the Service Oriented Architectures (‘SOA’) that are rapidly gaining prominence within software developer communities.
These independent services further complicate the information assurance landscape because each service is free to establish its own security methods and policy.
Another obstacle to the development and deployment of information assurance systems is the concern over the performance of the system.
A controlled interface typically filters data as it is delivered, resulting in a computationally expensive operation that degrades overall system performance.